CVE-2005-2978

pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

Published: Oct 18, 2005
Updated: Nov 9, 2025
CVE: CVE-2005-2978
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netpbm / netpbm	10.0	10.0.x
netpbm / netpbm	10.7	10.7.x
netpbm / netpbm	10.13	10.13.x
netpbm / netpbm	10.12	10.12.x
netpbm / netpbm	10.17	10.17.x
netpbm / netpbm	10.8	10.8.x
netpbm / netpbm	10.2	10.2.x
netpbm / netpbm	10.1	10.1.x
netpbm / netpbm	10.19	10.19.x
netpbm / netpbm	10.3	10.3.x
netpbm / netpbm	10.22	10.22.x
netpbm / netpbm	10.11	10.11.x
netpbm / netpbm	10.6	10.6.x
netpbm / netpbm	10.9	10.9.x
netpbm / netpbm	10.20	10.20.x
netpbm / netpbm	10.18	10.18.x
netpbm / netpbm	10.23	10.23.x
netpbm / netpbm	10.10	10.10.x
netpbm / netpbm	10.16	10.16.x
netpbm / netpbm	10.21	10.21.x
netpbm / netpbm	10.14	10.14.x
netpbm / netpbm	10.5	10.5.x
netpbm / netpbm	10.4	10.4.x
netpbm / netpbm	10.24	10.24.x
netpbm / netpbm	10.15	10.15.x

Vulnerability Database

CVE-2005-2978

Deep Security Visibility Without the Complexity